General
Target: UPDATED SOA.xlsx
Size: 705KB
Sample: 210727-5mjeld9d96
MD5: b1403a9cdf7a6c5ec38bc61a8881be15
SHA1: effc46e294614dc6aadc226adbc08b1bca2c141c
SHA256: ac377dab041224657325256e5549adf0243175a11b4679386bfc28b8ad9d232d
SHA512: a2c6127624f1ca9880cce10c222d956f04894e4a724693f69ac788d3471f8cd01522f6a17b89c79f921b83cf0d722ab7a04841f816fca4ad955122627f5d220f
Static task: static1
Behavioral task: behavioral1
  Sample: UPDATED SOA.xlsx
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: UPDATED SOA.xlsx
  Resource: win10v20210410
Malware Config
Extracted: snakekeylogger
Protocol: smtp
Host: mail.privateemail.com
Port: 587
Username: nnamdi@keithwilliamgroup.com
Password: )||LHNUQ5wgcszg
Targets
Target: UPDATED SOA.xlsx
Size: 705KB
Score: 10/10
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Looks up external IP address via web service (uses a legitimate IP lookup service to find the infected system's external IP)
- Suspicious use of SetThreadContext